Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		09.08.2009
Source:
SecurityVulns ID:		10130
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		DISCLOSER : Discloser 0.0
		XAMPP : XAMPP 1.6
		PHPMYADMIN : phpMyAdmin 3.2
		WORDPRESS : Dumb math captcha 1.0
		OPENCMS : OpenCMS 7.5
		SLIDESHOWPRO : SlideShowPro Director 1.3
		CSCART : CS-Cart 2.0
CVE:		CVE-2009-2579 (SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.)
		CVE-2009-2284 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.)

Original document		Salvatore "drosophila" Fresta, Discloser 0.0.4-rc2 SQL Injection Vulnerability (09.08.2009)
		Bonsai - Information Security, [BONSAI] SQL Injection in CS-Cart (09.08.2009)
		MANDRIVA, [ MDVSA-2009:192 ] phpmyadmin (09.08.2009)
		Scott Miles, [CSS09-01] SlideShowPro Director File Disclosure Vulnerability (09.08.2009)
		katie.french_(at)_cgifederal.com, OpenCms (7.5.0) - Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error (09.08.2009)
		MustLive, CSRF, SQL Injection and Full path disclosure vulnerabilities in XAMPP (09.08.2009)
		MustLive, Vulnerabilities in Dumb math captcha for WordPress (09.08.2009)

Discuss:

Read or add your comments to this news (0 comments)

Wireshark multiple security vulnerabilities
Published:		09.08.2009
Source:		BUGTRAQ
SecurityVulns ID:		10131
Type:		remote
Level:		5/10
Description:		RADIUS, AFS, infiniband protocol dessectors vulnerabilities

Affected:		WIRESHARK : Wireshark 1.0
CVE:		CVE-2009-2563 (Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.)
		CVE-2009-2562 (Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.)
		CVE-2009-2560 (Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (crash) via unspecified vectors in the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissectors.)

Original document

MANDRAKE, [ MDVSA-2009:194 ] wireshark (09.08.2009)

Discuss:

Read or add your comments to this news (0 comments)

in Huawei SmartAX MT880 unauthorized access
Published:		09.08.2009
Source:		BUGTRAQ
SecurityVulns ID:		10132
Type:		remote
Level:		5/10
Description:		Some administration functions, including administrative account creation, are available without password.

Affected:

HUAWEI : Huawei MT880

Original document

Jerome ATHIAS, Multiple Flaws in Huawei SmartAX MT880 [was: Multiple Flaws in Huawei D100] (09.08.2009)

Discuss:

Read or add your comments to this news (0 comments)

Palm Pre unauthorized access updated since 09.08.2009
Published:		06.10.2009
Source:		BUGTRAQ
SecurityVulns ID:		10133
Type:		remote
Level:		6/10
Description:		Multiple HTML injection conditions, including e-mail.

Affected:		PALM : WebOS 1.0
		PALM : WebOS 1.1

Original document		palmprehacker_(at)_gmail.com, Palm Pre WebOS <=1.1 Remote File Access Vulnerability (06.10.2009)
		palmprehacker_(at)_gmail.com, Palm Pre WebOS 1.0.4 Remote execution of arbitrary HTML code vulnerability (09.08.2009)

Discuss:

Read or add your comments to this news (1 comments)